Skip links

Privacy Policy

July 2023

1. Introduction

We respect your privacy and understand that privacy is important to you and that you care about how information about you is used, so this privacy notice sets out details about what data we collect and how we use it.

2. Visitors to our website

Where we collect personal data via our website, we will be upfront about it and it will be obvious to you that you’re providing personal data and how we will be using it.

2.1. Use of cookies

We only use cookies to store information about layout preferences and to determine whether or not you are logged in to SiSo. The cookies used are required to enable the site to operate properly, specifically:

  • To determine whether you are logged in to your account
  • To temporarily store preferences i.e. Column width, sorting, selection and search criteria in the tables

We also use cookies on our website, specifically:

  • To prevent (CSRF) Cross-Site request forgery attacks
  • A session ID, this is a unique number that the website’s server assigns to a specific user for the duration of their visit on the website
  • Google Analytics, this monitors a user’s duration and pages viewed along with a general representation of where in the world a user has visited the website from. No specific location information is attained from Google Analytics and any information provided by Google is anonymised. For more information about how Google Analytics cookies work on websites visit:

If you want to take control of what cookies we use, most web browsers allow cookie controls through their settings. You can find out more about cookies, including how to see what cookies have been set via or However, please note that if you do not allow cookies whilst using our website the functionality and your use of your site will be significantly impacted. We also provide a cookie banner on our website so you can opt-in to non-essential cookies.

2.1.1 Use of cookies on the website

As well as using Google Analytics on our main website ( we also make use of tracking technologies which use cookies. We have no control over these cookies but you can read more about how cookies are utilised in their privacy policy.

From time to time, we may make use of tracking technologies to help us run our business. We also utilise systems for the purposes of measuring the effectiveness of our marketing campaigns and to also serve our advertising via social media and web technology platforms, Google’s advertising network, and we may also utilise systems to track individual visitors to our website which in turn may mean we are able to identify your specific behaviour on the website.

Before we make use of these technologies via the website you will be prompted to provide consent for their use. If you do not consent to their use then we will not make use of these systems and will not be able to measure the effectiveness or provide our marketing messaging to you. However, if you do consent to the use of these cookies then certain information about you and your web activity will be shared with the system providers for the purposes of their advertising services, and/or recorded in our CRM, and as such this data may be processed outside the UK and EEA.

2.2. Online forms

We use forms throughout the SiSo products. The forms are used to allow users to enter booking dates / time, notes and ask questions required by the administrators to support with their services. All data submitted in these forms is saved in a database and in some cases sent in an email for the purposes of requesting an asset or notifying a system administrator.

All communications with and from the website are encrypted via the site’s SSL (https) setup.

2.3. Hosting

Our website is hosted on a dedicated servers in a secure data centre in Dublin.

3. People who call our office

3.1. To place an order

If you call us to discuss setting up a SiSo account, we will set you up on our internal CRM system for the purposes of providing you with the service. We will only collect the data needed to set up an account and you will have access (via a login and password) to all the data we hold on you.

We may also store some minimal contact information in our customer database application.

3.2. To log a support request or customer services enquiry

If you call us with a support or customer services issue we will typically deal with the issue over the phone and do not record any information relating to the discussion. However, we may communicate thereafter via email either to ask you for more information or indicate the issue has been resolved.

4. People who contact us via email

Any emails we receive are stored via our email provider’s platform (Google) and are accessible on our computers via our email client which uses a local copy of the emails (as well as them being available via the Gmail web application). Access to them is protected via device and email-service passwords.

We also make use of Google tools for managing junk email and ESET for virus checking emails.

We will only keep emails within our email system for as long as it is lawful for us to do so.

Depending on the nature of your contact, we may also store some minimal contact information in our customer database application.

5. People who contact us via our CRM

Any support or customer services issues raised directly via our CRM will be stored against your record within the system for as long as you remain a customer. If you close down your account then any support and associated user details in our CRM will be deleted.

6. Our use of social media

Any interaction with us via social media is strictly within the social media channels. We do not collect any personal data from our followers on social media.

7. People who are our customers

When you become a customer, we will set up a record on our CRM which you can view. You can also use the CRM to raise support tickets and make development requests.

We will also set up your SiSo system. You will have access to this system and will have direct control over the data contained within the system, including the ability to edit the data; you can also export all data including support and development history (from the CRM).

Your information will remain on your system for as long as you are a customer after which point the system will be shut down and associated data deleted from our systems.

For specific information stored in our CRM (e.g. administrator details) that need changing or deleting, you will need to contact us, using the CRM or usual support channels.

8. Employee data

When someone joins our team, we will only collect and ask for personal information that is required for being an employee. This will typically be your name, address, phone number, date of birth, National Insurance number, bank details for payroll and next of kin information, etc. We ask you to provide this information for employment purposes and so that we can pay you and meet legal requirements such as providing a pension.

We will also collect other data for your employee file throughout your employment with us, such as absence information, holiday requests, disciplinary or grievance information.

We will keep these records during your employment and for up to 6 years after termination of your employment. We will also keep your payroll records up to 7 years. If we record working time records, we retain these for 2 years and any immigration check information for 2 years.

All the information will be stored securely both in paper and electronic form.

We use external third-parties for processing payroll as well are carrying out our tax and pension obligations. We will therefore pass your information to these third-parties.

In all cases where we are using such third-party services or companies, we will only provide the minimal amount of information for the purposes of delivering the service to us and to meet our requirements.

We always carry out due diligence against all our third-party suppliers for the purposes of ensuring their compliance with data protection, maintaining adequate security of your data and ensuring they apply adequate data protection principles to the processing of the data we supply.

9. Recruitment

If you send us application forms or your CV, we will keep the information for as long as we’re considering your application. If you become an employee, the information will be added to your personnel file and kept in line with our policy on keeping employee records. If your application is unsuccessful we will delete the information after 6 months unless you consent to us retaining them for any longer (for example for any future opportunities). All the information will be stored, within our systems, securely.

10. Supplier or contractor data

If you are one of our suppliers we will collect the minimal information about you and your services as required to make use of your services and deal with invoices and payments for your services. Such information will be stored within our accounting package for the purposes of our accounts and will be retained accordingly.

Individual employees within our business may also retain your contact details within their email application or via business cards that you may provide to us.

11. Retention

Unless stated elsewhere in this document or in our terms of services we only store the data necessary to provide the services we provide to you. We will keep this data for as long as it is lawful for us to do so (this may be for as long as you are a customer or because of a legal obligation to retain the information, whichever is the longest).

12. Your rights

Under current data protection legislation in the UK, you have rights as an individual which you can exercise in relation to the data we store and process about you. You can find more information about your rights on the Information Commissioner’s website:

12.1. Complaints

If you feel this privacy notice does not go far enough in explaining how we have used your personal data, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to [email protected].

If you want to make a compliant about the way we are processing your data, we’d rather you brought it to us in the first instance, but of course you can contact the Information Commissioner’s Office, in their capacity as the statutory body that oversees data protection law in the UK:

12.2. How to withdraw consent and object to processing

Where we are processing your data and needed to ask your permission to do so, you are able to withdraw your consent at any time. Should we send any marketing emails, if you wish to stop receiving them, you can do so, by clicking on the “unsubscribe” link at the bottom of the email. Otherwise, you can contact us, using the contact details below.

If you wish to raise concerns about the way we are processing your data or would like to raise an objection, then please email [email protected] with your concerns.

12.3. Keeping your data up to date

It is important that any of your data that we process is kept up to date. We will from time to time ask you to verify your contact details but if you wish to update any information we hold about you, please contact us using the contact details below.

12.4. Erasure of your data (the “right to be forgotten”)

Under some circumstances you may request us to delete your data from our systems. Where this is possible (e.g. we don’t have any legal purpose for continuing to process your data) we will erase it from our systems.

12.5. Portability

Your right to portability allows you to request a machine-readable format of the data you supplied to us and associated service logs (where we store them). Please contact us, using the contact details below, if you wish to receive a CSV export of your data.

As noted above, customers can export their own data from our systems, themselves.

12.6. Access to your data

You have the right to ask us about what data we hold about you, how we process it and provide you with a copy of the information, free of charge and within one month of your request.

To make a request for any personal information we hold and process about you, we would prefer it if you could put it in writing or in an email to the addresses below. We will need to verify your identity before providing the information and where necessary may contact you further to ensure we understand what data you are requesting.

Our customer’s users should contact their service provider should they require to exercise this right regarding the use of their data within our system. Where we are considered the data processor for your data we will not be able to provide the information you require.

13.Third party processors

Siso does not use any third-party processors or services for the purposes of processing data as part of the Siso services we offer to our customers.

However, we may from time to time use third-party cloud-based services for the purposes of effectively running our business (e.g. for maintaining customer contacts, potential lead opportunities, etc.).

In all cases where we are using such services or companies who would be defined as a data processor, we will only provide the minimal amount of information for the purposes of delivering the service to us and to meet our requirements and delete the data as soon as it is no longer relevant for us to maintain the information.

We always carry out due diligence against all our third-party suppliers for the purposes of ensuring their compliance with data protection, maintaining adequate security of your data and ensuring they apply adequate data protection principles to the processing of the data we supply. We also make sure a legally binding contract (sometimes called a Data Processing Agreement or DPA) is also in place to protect your data, and should their processing take place outside the UK and EEA, we will make sure that the appropriate safeguards are in place to ensure your data is processed securely and in accordance with UK data protection legislation.

14. Disclosure of information

We do not share any personal data with any third parties unless it is lawful for us to do so, if required by law to do so or if you provide us with permission to do so.

15. More information

For more information about your data rights and privacy or data protection in general visit the Information Commissioner’s Office website:

16. How to contact us

If you have any questions about how we collect and use your information not covered in this privacy notice, or if you wish to speak to someone about our approach to data protection and privacy, please contact:

Data Protection Officer
Siso House
61c Ashley Drive South
Ashley Heath
BH24 2JP
United Kingdom
[email protected]

17. Changes to our privacy notice

We may change or update elements of this privacy notice from time to time or as required by law.

Trusted by…

“We started out with SISO supporting the store admins and then it moved to us as first line support and reporting any issues to SISO. We still have the old staff member going through to SISO and they do their utmost to help them, even though it’s not part of the process.
We’d like to drive forward the mobile app. I think that it’s going to be a big plus for the students. It’s an easy, on demand, flexible interface, where they can book.”

Sara Wynne-Hughes
Sara Wynne-Hughes
Application Support Analyst, University of Arts london